I need help with a REGEX that needs to match multiple conditions in a log event.
The event looks like this:
02:02:02.000 AM
Mar 30 02:02:02 servername1 Oracle Audit[2225]: SESSIONID: "123456789" ENTRYID: "*****" USERID: "ABC" USERHOST: "server2" OBJ$CREATOR: "LMN" OBJ$NAME: "value1" SES$ACTIONS: "--**********-" OS$USERID: "someusername"
I need to send events to the nullQueue when all of the following conditions are met:
USERHOST: "server2"
OS$USERID: "someusername"
USERID: "ABC"
This is the REGEX that I have in place, but it doesn't seem to be working:
REGEX = (?s)(OS\$USERID:\s.someusername.).+?(USERHOST:\s.server2.).+?(USERID:\s.ABC.)
Any ideas on how to correct my failing regex?
Thanks
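An added example, not part of the original post: it runs the posted REGEX against the posted event to show that the pattern depends on field order, next to an order-independent variant built from one lookahead per condition. Python's `re` stands in for the PCRE engine here (an assumption; the constructs used behave the same in both), and the reordered and `"ABCD"` events are constructed for the test.

```python
import re

# Syslog line from the post.
EVENT = ('Mar 30 02:02:02 servername1 Oracle Audit[2225]: SESSIONID: "123456789" '
         'ENTRYID: "*****" USERID: "ABC" USERHOST: "server2" OBJ$CREATOR: "LMN" '
         'OBJ$NAME: "value1" SES$ACTIONS: "--**********-" OS$USERID: "someusername"')

# Constructed: same fields, in the order the posted regex expects.
REORDERED = ('Mar 30 02:02:02 servername1 Oracle Audit[2225]: '
             'OS$USERID: "someusername" USERHOST: "server2" USERID: "ABC"')

# Constructed: a different database user whose name merely starts with ABC.
OTHER_USER = EVENT.replace('USERID: "ABC"', 'USERID: "ABCD"')

# Constructed: same users, different client host.
OTHER_HOST = EVENT.replace('USERHOST: "server2"', 'USERHOST: "server3"')

# Regex from the post: OS$USERID must come first, then USERHOST, then USERID.
ORIGINAL = re.compile(
    r'(?s)(OS\$USERID:\s.someusername.).+?(USERHOST:\s.server2.).+?(USERID:\s.ABC.)')

# One lookahead per condition, all evaluated from the start of the event,
# so field order no longer matters. Literal quotes replace the "." wildcards
# so "ABCD" is not treated as "ABC"; (?<!\$) keeps the USERID condition from
# being satisfied by the OS$USERID field.
ANY_ORDER = re.compile(
    r'(?s)^(?=.*?(?<!\$)USERID:\s"ABC")'
    r'(?=.*?USERHOST:\s"server2")'
    r'(?=.*?OS\$USERID:\s"someusername")')


def would_drop(pattern, event):
    """True if the filter pattern matches, i.e. the event would be discarded."""
    return pattern.search(event) is not None


if __name__ == '__main__':
    samples = [('posted', EVENT), ('reordered', REORDERED),
               ('other user', OTHER_USER), ('other host', OTHER_HOST)]
    for name, event in samples:
        print(f'{name:11} original={would_drop(ORIGINAL, event)!s:5} '
              f'any_order={would_drop(ANY_ORDER, event)}')
```

Because a match here discards an audit record, the negative cases (a near-miss user name, a different host) are worth testing as carefully as the positive one.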